Back to Microsoft Azure Developer Associate AZ-204 questions

Scenario-based practice

Hard Difficulty Questions

Practise Microsoft Azure Developer Associate AZ-204 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20
scenario questions
AZ-204
exam code
Microsoft
vendor

Scenario guide

How to approach hard difficulty questions

These are the questions most candidates get wrong. They require connecting multiple concepts, reading tricky output, or knowing edge-case behaviour that isn't on most study cards. Practising them trains you to operate under uncertainty — a necessary skill on the real exam.

Quick answer

Hard Difficulty Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related AZ-204 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmultiple choice
Full question →

You are monitoring an Azure App Service using Application Insights. You notice that HTTP 500 errors are increasing, but the standard server response time metric remains normal. You suspect that the errors are occurring in an external API call made by the application. How can you identify the dependency that is failing?

Question 2hardmultiple choice
Read the full NAT/PAT explanation →

You have an Azure App Service web app that experiences intermittent slowness. You enable Application Insights and notice that the "Failed Requests" metric is low, but "Server Response Time" is high for a subset of requests. You want to identify the specific code path causing the delay. Which feature should you use?

Question 3hardmultiple choice
Full question →

You need to analyze all exceptions that occurred in the last 24 hours from an application monitored by Application Insights. You want to group them by exception type, and for each type show the URL where it occurred and the count. Which Log Analytics Kusto query should you use?

Question 4hardmultiple choice
Full question →

You are building a web application that uses Microsoft Entra ID for authentication. The application needs to call Microsoft Graph API to read user profiles and send emails on behalf of the signed-in user. You want to ensure that the user's consent is obtained only once and that the application can refresh tokens silently. Which OAuth 2.0 flow should you implement?

Question 5hardmultiple choice
Full question →

A single-page app signs in users with Microsoft Entra ID and calls a protected API. The app cannot safely keep a client secret. Which OAuth flow should be used? The design must avoid adding custom operational scripts.

Question 6hardmulti select
Full question →

A production API needs proactive alerting for failed dependency calls. Which two elements are required for a useful Azure Monitor alert?

A production API needs proactive alerting for high telemetry cost. Which two elements are required for a useful Azure Monitor alert?

Question 8hardmulti select
Full question →

A document rendering job in Azure App Service must safely access Key Vault secrets without connection strings in configuration. Which two steps are required?

Application Insights ingestion cost is rising because a high-traffic app emits large telemetry volume. The team needs statistically useful telemetry while reducing ingestion. What should be configured?

Question 10hardmultiple choice
Read the full NAT/PAT explanation →

You develop a C# application that stores sensitive documents in Azure Blob Storage. You need to generate a time-limited shared access signature (SAS) that allows a client to only read and list blobs in a specific container. The SAS must be valid for exactly 1 hour from the current time. Which code snippet correctly creates the SAS? (Assume BlobServiceClient and BlobContainerClient are properly initialized.)

Application Insights ingestion cost is rising because a high-traffic app emits large telemetry volume. The team needs statistically useful telemetry while reducing ingestion. What should be configured? The design must avoid adding custom operational scripts.

Application Insights ingestion cost is rising because a high-traffic app emits large telemetry volume. The team needs statistically useful telemetry while reducing ingestion. What should be configured? The architecture review board prefers a managed AWS-native control.

Question 13hardmulti select
Full question →

A production API needs proactive alerting for unexpected exceptions. Which two elements are required for a useful Azure Monitor alert?

Question 14hardmultiple choice
Full question →

You are developing a web API that must authenticate requests using Microsoft Entra ID (Microsoft Entra ID) and OAuth 2.0 bearer tokens. You want to validate the token in your API code. Which library should you use?

Question 15hardmultiple choice
Full question →

You need to emit a custom metric in Application Insights that tracks the number of page views per browser. You expect high volume (millions of events per day). Which API should you use to ensure efficient pre-aggregation and avoid performance issues?

Question 16hardmultiple choice
Full question →

An e-commerce platform writes orders to a Cosmos DB container. A downstream inventory service must process every new or updated order exactly once, even if the inventory service restarts mid-batch. The solution must scale horizontally when order volume increases. What is the recommended design?

Question 17hardmultiple choice
Full question →

Three microservices collaborate on a single user transaction: an App Service API, an Azure Function that processes a Service Bus message, and a downstream storage service. Traces appear separately in Application Insights with no parent-child relationship. What is needed to correlate all three into a single end-to-end trace?

Question 18hardmulti select
Full question →

An API receives JWT access tokens from Microsoft Entra ID. Which two token properties should the API validate before accepting a request? The team wants the control to be enforceable during normal operations.

Question 19hardmulti select
Full question →

An API receives JWT access tokens from Microsoft Entra ID. Which two token properties should the API validate before accepting a request? The design must avoid adding custom operational scripts.

Question 20hardmulti select
Read the full NAT/PAT explanation →

An API receives JWT access tokens from Microsoft Entra ID. Which two token properties should the API validate before accepting a request? The architecture review board prefers a managed AWS-native control.

These AZ-204 practice questions are part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style AZ-204 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.